author | David S. Miller <davem@sunset.davemloft.net> | 2007-04-13 19:37:54 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-13 19:37:54 -0400 |
commit | 49688c843101ba6275756505e81af45ef50f87d7 (patch) | |
tree | e30c9d9424115282be11b1495b8bcf8a12a5885b | |
parent | 612f09e8495ba656032f89147ab999ef2be9c360 (diff) |
[NETFILTER] arp_tables: Fix unaligned accesses.
There are two device string comparison loops in arp_packet_match().
The first one goes byte-by-byte but the second one tries to be
clever and cast the string to a long and compare by longs.
The device name strings in the arp table entries are not guaranteed
to be aligned enough to make this valid, so just use byte-by-byte
for both cases.
Based upon a report by <drraid@gmail.com>.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 10 |
1 files changed, 3 insertions, 7 deletions
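--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -166,13 +166,9 @@ static inline int arp_packet_match(const struct arphdr *arphdr,
 return 0;
 }
 
-for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
-unsigned long odev;
-memcpy(&odev, outdev + i*sizeof(unsigned long),
-sizeof(unsigned long));
-ret |= (odev
-^ ((const unsigned long *)arpinfo->outiface)[i])
-& ((const unsigned long *)arpinfo->outiface_mask)[i];
-}
+for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
+ret |= (outdev[i] ^ arpinfo->outiface[i])
+& arpinfo->outiface_mask[i];
+}
 
 if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {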
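Review bot: The new byte-wise loop over `outdev[i]`, `arpinfo->outiface[i]` and `arpinfo->outiface_mask[i]` has no comment saying why it must stay byte-wise, so a later optimisation could put back the `unsigned long` casts this commit removes. I would add above the `for`: `/* Byte-wise on purpose: outiface/outiface_mask in the rule entry are not guaranteed to be long-aligned. */`. On strict-alignment architectures such a regression would presumably fault in the packet-matching path, so the constraint is worth stating next to the code and not only in the commit message. arp_packet_match() starts and ends outside the hunk, so the first (indev) loop mentioned in the description is not visible here; if it lacks a comment too, the same one applies.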